David Miranda, who was recently detained while carrying British intelligence documents through London's Heathrow Airport, reportedly wrote down the password to one of the encrypted files on a piece of paper seized by police.

Miranda, partner of The Guardian reporter Glenn Greenwald, carried a "piece of paper containing basic instructions for accessing some data, together with a piece of paper that included the password for decrypting one of the encrypted files on the external hard drive," UK Deputy National Security Adviser Oliver Robbins said in a "statement prepared for a High Court hearing," according to the BBC.

Robbins said one file Miranda was carrying included 58,000 "highly classified UK intelligence documents," but it's not clear how many documents were part of the file said to be associated with the password.

For his part, Greenwald denied that the password on its own could decrypt a document. "Anyone claiming that David Miranda was carrying a password that allowed access to documents is lying. UK itself says they can't access them," Greenwald wrote on Twitter. In another tweet, he wrote, "Good encryption requires multiple passwords, not just one. That pw allows no access to documents, period."

Nonetheless, Robbins chided Miranda, saying that carrying the piece of paper was "a sign of very poor information security practice," according to The Telegraph.

Miranda had been traveling to Berlin to visit documentary filmmaker Laura Poitras. Miranda "was in Berlin to deliver documents related to Mr. Greenwald’s investigation into government surveillance to Ms. Poitras, Mr. Greenwald said," the New York Times recently reported. "Ms. Poitras, in turn, gave Mr. Miranda different documents to pass to Mr. Greenwald."

The UK seized Miranda's computer, hard drive, and other pieces of equipment containing the documents. Robbins said that the material seized was "highly likely to describe techniques crucial in life-saving counter-terrorist operations," the BBC noted. "He added that intelligence staff were identifiable in the information, posing a danger to them in the UK and overseas."

Miranda will argue at a court hearing in October that the government misused its powers. In the meantime, an agreement approved by Miranda and his lawyers allows police to keep examining the seized material for national security purposes until the hearing.

89 Reader Comments

I still don't understand why they needed Miranda as a data mule. Why can't they encrypt the way the insurance files were encrypted and just use the Internet to send the data? They've met in person. I'm sure they have the passwords memorized, negating the need to send anything plaintext over the Internet. Heck, they could use Dropbox! Better than sending a laptop into airport security. They know better than anyone how dangerous that is.

I still don't understand why they needed Miranda as a data mule. Why can't they encrypt the way the insurance files were encrypted and just use the Internet to send the data? They've met in person. I'm sure they have the passwords memorized, negating the need to send anything plaintext over the Internet. Heck, they could use Dropbox! Better than sending a laptop into airport security. They know better than anyone how dangerous that is.

Because then somebody could intercept it and copy it. At least if you physically transport it you will almost certainly be aware when somebody else gains access to it. Even if it's properly encrypted, keeping access to the encrypted data to as few people as possible makes sense.

Also, why is David Miranda not referred to as "David Miranda"? He's been international news for a few weeks now. "Partner of NSA leaks reporter" seems very... biased to me.

Even "premiere" media (the NY Times for instance) is written at an 8th grade level at most. It also tends to be written so that you don't have to have ever read anything about anything before picking up that day's edition.

The UK seized Miranda's computer, hard drive, and other pieces of equipment containing the documents. Robbins said that the material seized was "highly likely to describe techniques crucial in life-saving counter-terrorist operations," the BBC noted. "He added that intelligence staff were identifiable in the information, posing a danger to them in the UK and overseas."

Considering sensitive material like that would be completely out of character for all the information leaked from the Snowden papers to date, I'm extremely skeptical about this claim.

And no, the documents used to uncover the UK secret intel base in the Middle East exposed by that rag The Independent most likely isn't one of the Snowden papers, no matter how much they claim otherwise.

If it required multiple passwords to access, why carry even one? That's like unlocking one lock on a multilock door and then going, "I guess we should just stand here, till someone else unlocks the rest".

Never heard of a hidden encrypted partition in TrueCrypt before? There could also be individually encrypted .ZIP files on an HDD with FDE enabled.

There could even be any number of other scenarios where two passwords are required. I know there are some FDEs that require multi-factor authentication before they unlock. Of course, that doesn't mean what Miranda did wasn't still incredibly stupid.

Because then somebody could intercept it and copy it. At least if you physically transport it you will almost certainly be aware when somebody else gains access to it. Even if it's properly encrypted, keeping access to the encrypted data to as few people as possible makes sense.

But you can't expect to make it through an airport (with encryption keys written down!) without the government interrogating you. This was dumb all around.

Sure you can. Greenwald hasn't been detained at all, as far as we know. Miranda obviously had to travel to Germany from Brazil before he could return, and wasn't detained on the way there.

On the other hand, Poitras has been detained many times, and this is why she's finishing her film in Germany rather than her own country (the US). However I believe the times that she was detained, she was on her way to/from the US.

We only have the UK government's word that the encryption key was present. Their credibility has not been great in this debacle so far.

If it required multiple passwords to access, why carry even one? That's like unlocking one lock on a multilock door and then going, "I guess we should just stand here, till someone else unlocks the rest".

Also, why is David Miranda not referred to as "David Miranda"? He's been international news for a few weeks now. "Partner of NSA leaks reporter" seems very... biased to me.

Biased against or in favor to what?

Biased as in defining him based on his relationship to someone else, rather than who he is or what he is doing.

Okay, fine so you don't want to use "David Miranda" because not enough people know that name. Okay. Then why not "NSA leaks courier" instead of "Partner of NSA leaks reporter"? Or maybe even "Man detained in UK under questionable legal basis"

Sounds like a lame attempt to attack Greenwald's cred, perhaps to scare off other potential whistleblowers? A rough government-spokesman-to-interwebs translation turns the deputy adviser's statement into "LOL N00bz!!!" Historically I would discard such suspicion simply on the grounds of how sad and weak it is, but then the last few months happened.

Because then somebody could intercept it and copy it. At least if you physically transport it you will almost certainly be aware when somebody else gains access to it. Even if it's properly encrypted, keeping access to the encrypted data to as few people as possible makes sense.

But you can't expect to make it through an airport (with encryption keys written down!) without the government interrogating you. This was dumb all around.

Sure you can. Greenwald hasn't been detained at all, as far as we know. Miranda obviously had to travel to Germany from Brazil before he could return, and wasn't detained on the way there.

On the other hand, Poitras has been detained many times, and this is why she's finishing her film in Germany rather than her own country (the US). However I believe the times that she was detained, she was on her way to/from the US.

We only have the UK government's word that the encryption key was present. Their credibility has not been great in this debacle so far.

I don't agree with this. I think it is generally well known that you can't expect your electronics to remain private while traveling internationally. Perhaps this is more a US/TSA issue, but surely Greenwald et al. would be more cautious than most people.

We already know they put the insurance file online. They trust the internet that much. I still don't know why they couldn't have used TrueCrypt (or similar) and then SFTP for moving the blob.

I don't believe anything at this point the government security agencies on either side of the great pond report. If they do have a file password hopefully its only the written poems of a Pee Wee Herman impersonator.

Note to self: remove sticky note of TrueCrypt passwords from bottom of keyboard.

I don't believe anything at this point the government security agencies on either side of the great pond report. If they do have a file password hopefully its only the written poems of a Pee Wee Herman impersonator.

Note to self: remove sticky note of TrueCrypt passwords from bottom of keyboard.

It's only bad security practice if the password a) actually works on the encrypted data and b) isn't a password to open a false encrypted archive. TrueCrypt at least has a system where you can set up an archive so that there are two passwords which work. One will show the actual data, the other will show an empty archive, or one filled with non-sentitive data.

Considering the other announcement from the UK security agencies where they claimed the data he was carrying included information which could threaten the UK's defence against terrorism and the lives of security agents, this looks a lot like them trying to make out that he not only carried data which could harm people directly, but also didn't secure the data properly. After all, if the data were properly encrypted then it wouldn't *matter* how sensitive the data was, it wouldn't be accessable

Also, why is David Miranda not referred to as "David Miranda"? He's been international news for a few weeks now. "Partner of NSA leaks reporter" seems very... biased to me.

Biased against or in favor to what?

Just spitballing here, but perhaps the UK gov was tired of getting heat for detaining the partner (e.g. the Family) of the reporter (Greenwald) and the presumption that it was an act of intimidation against the press.

Referring to him by name makes his relationship to Greenwald less obvious. To a casual reader following the story one might think Miranda is just another bit player.

Also, why is David Miranda not referred to as "David Miranda"? He's been international news for a few weeks now. "Partner of NSA leaks reporter" seems very... biased to me.

Biased against or in favor to what?

Biased as in defining him based on his relationship to someone else, rather than who he is or what he is doing.

Okay, fine so you don't want to use "David Miranda" because not enough people know that name. Okay. Then why not "NSA leaks courier" instead of "Partner of NSA leaks reporter"? Or maybe even "Man detained in UK under questionable legal basis"

So lets beat this horse repeatedly until Ars editorial staff apologizes profusely that they drew attention to the fact that Glen Greenwald has a gay lover and used him as a data mule. then will you shut the fk up about it?

Also, why is David Miranda not referred to as "David Miranda"? He's been international news for a few weeks now. "Partner of NSA leaks reporter" seems very... biased to me.

Biased against or in favor to what?

Biased as in defining him based on his relationship to someone else, rather than who he is or what he is doing.

Okay, fine so you don't want to use "David Miranda" because not enough people know that name. Okay. Then why not "NSA leaks courier" instead of "Partner of NSA leaks reporter"? Or maybe even "Man detained in UK under questionable legal basis"

Well saying he is the "partner of NSA leeks reporter" is a description of his relationship to a continuing story. This choice gives insight and understanding of what that person has done. It does not taint the story because that is relevant information. Saying "Man detained in UK under questionable legal basis" would actually be a biased statement, as they are stating an opinion about his holding.

If it required multiple passwords to access, why carry even one? That's like unlocking one lock on a multilock door and then going, "I guess we should just stand here, till someone else unlocks the rest".

It seems eminently reasonable to me. If you're paranoid, and have a collection of encrypted files, you encrypt the the whole thing again and make sure that the keys are independently transported. And maybe do the same thing yet a third time.

This makes losing the physical media and even one or two keys to the data harmless. You can also, if you wish, share the responsibility among two or more trusted people, each having one of the keys.

I guess Miranda's piece of paper was one independent channel of transportation for one key.

Also, why is David Miranda not referred to as "David Miranda"? He's been international news for a few weeks now. "Partner of NSA leaks reporter" seems very... biased to me.

Biased against or in favor to what?

Biased as in defining him based on his relationship to someone else, rather than who he is or what he is doing.

Okay, fine so you don't want to use "David Miranda" because not enough people know that name. Okay. Then why not "NSA leaks courier" instead of "Partner of NSA leaks reporter"? Or maybe even "Man detained in UK under questionable legal basis"

Ok....

So, "A man named David Miranda was detained the UK...."

May i ask who the hell is he and what he have anything to do with Snowden and how he got there?

"Well... he is the partner of Glenn Greenwald"

O' right!!! now the story makes more sense. Thank you very much.

BTW, i do not under stand why you assume bias against him. Because of their homosexuality? really? Maybe YOU are the one who have problems with that and YOU do not want to hear about it.

If Miranda were a woman and the wife of Glenn Greenwald i am sure you would not care at all.

Furthermore, the media is not biased against none of the leakers, not even close . The media is blatantly biased against the government.

So lets beat this horse repeatedly until Ars editorial staff apologizes profusely that they drew attention to the fact that Glen Greenwald has a gay lover and used him as a data mule. then will you shut the fk up about it?

Deputy National Security Adviser Oliver Robbins is 100% correct. A list of instructions and the passphrase is poor security.

The fact the files cannot be accessed with just that one passphrase is not important to the statement writting a password and having encrypted stolden classified data is both a hrorible idea and horrible security.

You don't write down passwords at least on the same page as the instructions you created.

* There are ways to write your password down so only you understand how to decode it. one example might be to have a GPS location and purchase a lottery ticket with those numbers.

Glenn Greenwald has repeatedly shown an almost arrogant negligence of technology. Even if the included password didn't open the lock entirely, it was still idiotic for it to be carried along with the data. Half a key is infinitely better than no key.

The backstory is that before Snowden, Greenwald didn't even use encrypted e-mail. This from a guy who was continually reporting and exposing government secrets. Now, he sends his partner to retrieve information without using 2 channels? If this were his first rodeo, it would be easy to give him a pass. This isn't his first, second, or third. He's been the focus of the security services for years. He's very likely the single most focused upon western reporter in the entire world.

Greenwald KNOWS he's the highest profile of targets for the intelligence services. He KNOWS they're likely to stop his couriers. Still, he makes unforgivable errors like this? Greenwald clealry needs a minder. The Guardian needs to assign him a technology handler to do all the things he clearly believes are beneath him.

Glenn Greenwald may be a fine writer, but he's a technological buffoon.

But make sure that password is the one that kicks off the data self destruct sequence.....

Governments would make a copy of the drives first.

I think TrueCrypt has a plausible deniability mode, where providing a secondary password will decrypt a benign portion of the encrypted volume without revealing that the decryption was incomplete. There's always the risk the government would catch on, but this would partially protect you even if they made a copy and "coerced" you into providing a password.